# from https://github.com/aquasecurity/trivy-operator/tree/v0.15.1/deploy/helm/crds
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.9.2
  creationTimestamp: null
  name: clustercompliancereports.aquasecurity.github.io
spec:
  group: aquasecurity.github.io
  names:
    kind: ClusterComplianceReport
    listKind: ClusterComplianceReportList
    plural: clustercompliancereports
    shortNames:
    - compliance
    singular: clustercompliancereport
  scope: Cluster
  versions:
  - additionalPrinterColumns:
    - description: The age of the report
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: The number of checks that failed
      jsonPath: .status.summary.failCount
      name: Fail
      priority: 1
      type: integer
    - description: The number of checks that passed
      jsonPath: .status.summary.passCount
      name: Pass
      priority: 1
      type: integer
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ClusterComplianceReport is a specification for the ClusterComplianceReport
          resource.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: ReportSpec represent the compliance specification
            properties:
              compliance:
                properties:
                  controls:
                    description: Control represent the cps controls data and mapping
                      checks
                    items:
                      description: Control represent the cps controls data and mapping
                        checks
                      properties:
                        checks:
                          items:
                            description: SpecCheck represent the scanner who perform
                              the control check
                            properties:
                              id:
                                description: id define the check id as produced by
                                  scanner
                                type: string
                            required:
                            - id
                            type: object
                          type: array
                        defaultStatus:
                          description: define the default value for check status in
                            case resource not found
                          enum:
                          - PASS
                          - WARN
                          - FAIL
                          type: string
                        description:
                          type: string
                        id:
                          description: id define the control check id
                          type: string
                        name:
                          type: string
                        severity:
                          description: define the severity of the control
                          enum:
                          - CRITICAL
                          - HIGH
                          - MEDIUM
                          - LOW
                          - UNKNOWN
                          type: string
                      required:
                      - id
                      - name
                      - severity
                      type: object
                    type: array
                  description:
                    type: string
                  id:
                    type: string
                  relatedResources:
                    items:
                      type: string
                    type: array
                  title:
                    type: string
                  version:
                    type: string
                required:
                - controls
                - description
                - id
                - relatedResources
                - title
                - version
                type: object
              cron:
                description: cron define the intervals for report generation
                pattern: ^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1})))
                  ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1})))
                  ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1})))
                  ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec))
                  ((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$
                type: string
              reportType:
                enum:
                - summary
                - all
                type: string
            required:
            - compliance
            - cron
            - reportType
            type: object
          status:
            properties:
              detailReport:
                description: ComplianceReport represents a kubernetes scan report
                properties:
                  description:
                    type: string
                  id:
                    type: string
                  relatedVersion:
                    items:
                      type: string
                    type: array
                  results:
                    items:
                      properties:
                        checks:
                          items:
                            description: ComplianceCheck provides the result of conducting
                              a single compliance step.
                            properties:
                              category:
                                type: string
                              checkID:
                                type: string
                              description:
                                type: string
                              messages:
                                items:
                                  type: string
                                type: array
                              remediation:
                                description: Remediation provides description or links
                                  to external resources to remediate failing check.
                                type: string
                              severity:
                                description: Severity level of a vulnerability or
                                  a configuration audit check.
                                type: string
                              success:
                                type: boolean
                              target:
                                type: string
                              title:
                                type: string
                            required:
                            - checkID
                            - severity
                            - success
                            type: object
                          type: array
                        description:
                          type: string
                        id:
                          type: string
                        name:
                          type: string
                        severity:
                          type: string
                        status:
                          type: string
                      required:
                      - checks
                      type: object
                    type: array
                  title:
                    type: string
                  version:
                    type: string
                type: object
                x-kubernetes-preserve-unknown-fields: true
              summary:
                properties:
                  failCount:
                    type: integer
                  passCount:
                    type: integer
                type: object
              summaryReport:
                description: SummaryReport represents a kubernetes scan report with
                  consolidated findings
                properties:
                  controlCheck:
                    items:
                      properties:
                        id:
                          type: string
                        name:
                          type: string
                        severity:
                          type: string
                        totalFail:
                          type: integer
                      type: object
                    type: array
                  id:
                    type: string
                  title:
                    type: string
                type: object
                x-kubernetes-preserve-unknown-fields: true
              updateTimestamp:
                format: date-time
                type: string
            required:
            - updateTimestamp
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
